Skip to content

jdelgit/BitwardenDecrypt

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

30 Commits
.github
.github
 
 
.gitignore
.gitignore
 
 
BitwardenDecrypt.py
BitwardenDecrypt.py
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
requirements.txt
requirements.txt
 
 

Repository files navigation

BitwardenDecrypt

Decrypts an encrypted Bitwarden data.json file (from the desktop App).
You can safely store data.json as an encrypted, offline backup of your vault knowing you will always be able to decrypt it.

To determine the location of the data.json file see:
https://bitwarden.com/help/article/where-is-data-stored-computer/

Note: BitwardenDecrypt does not work with Bitwarden Encrypted JSON Exports.
These exports lack the Protected Symmetric Key needed to decrypt entries.


Outputs JSON containing:

  • Logins
  • Cards
  • Secure Notes
  • Identities
  • Folders
  • Organizations
  • Collections
  • Sends (Optional)

Note: Outputs (almost) all key/value pairs, including ones you probably don't care about.

Usage:

./BitwardenDecrypt.py [options]  (reads data.json from current directory)
or
./BitwardenDecrypt.py [options] inputfile

Password: (Enter Password)

Options:
        --includesends        Include Sends in the output.

On Windows:

py BitwardenDecrypt.py [options]
or
py BitwardenDecrypt.py [options] inputfile

Password: (Enter Password)

Options:
        --includesends        Include Sends in the output.

Note: This script depends on the 'cryptography' package
pip install cryptography

Donate

Find this useful? If so, consider showing your appreciation. 🙂
https://paypal.me/GurpreetKang


Limitations

  • Does not work with Bitwarden Encrypted JSON Exports.
    These exports lack the Protected Symmetric Key needed to decrypt entries.
  • No validation of the CipherString. I.e. No verification of the MAC before decrypting. Now verifies the MAC.
  • Can only decrypt EncryptionType: 2 (AesCbc256_HmacSha256_B64). At the time of writing this is the default used for all entries in the personal vault.
  • Does not decrypt anything from a Collection (Organization).
    Initial support for decrypting items from a Collection (Organization). This adds support for decrypting EncryptionType: 4 (Rsa2048_OaepSha1_B64)

To Do

[ ] Nothing. Hopefully Bitwarden will implement an encrypted export and this script can become obsolete.

License

This project is licensed under the GNU General Public License v3.0 - see the LICENSE file for details

Acknowledgments

This project is not associated with Bitwarden or Bitwarden, Inc.

About

Decrypts an encrypted Bitwarden data.json file.

Resources

Readme

License

GPL-3.0 license
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

5 tags

Packages

No packages published

Languages

  • Python 100.0%